#
1.11 |
|
25-Mar-2024 |
jsing |
Rewrite HKDF_expand().
Simplify overflow checking and length tracking, use a CBB to handle output and use HMAC_CTX_new() rather than having a HMAC_CTX on the stack.
ok tb@
|
Revision tags: OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
#
1.10 |
|
07-Jul-2023 |
beck |
Hide symbols in hkdf, evp, err, ecdsa, and ec
(part 2 of commit)
ok jsing@
|
#
1.9 |
|
01-Jun-2023 |
tb |
Avoid a potentially overflowing check
This doesn't actually overflow, but still is poor style.
Speaking of which: this is now the second time I get to fix something reported by Nicky Mouha by way of a blog post. The first time was the actual SHA-3 buffer overflow in Python where it is not entirely clear who screwed up and how. Hopefully next time proper communication will happen and work.
ok jsing
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.8 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.7 |
|
12-Dec-2021 |
tb |
Include evp_locl.h where it will be needed once most structs from evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi
|
#
1.6 |
|
12-Dec-2021 |
tb |
Add a mostly empty hmac_local.h. HMAC_CTX and a few other things from hmac.h will be moved there in an umpcoming bump. Include this file where it will be needed.
ok inoguchi
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.5 |
|
27-Aug-2021 |
tb |
Remove unused #include <assert.h>.
This is from upstream where there is an assert() that EVP_MD_size(digest) matches the length returned by HMAC(). We avoid asserts in our libraries.
From Martin Vahlensieck
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.4 |
|
21-Nov-2019 |
tim |
A touch of style(9)
OK tb@ tedu@
|
#
1.3 |
|
21-Nov-2019 |
tim |
Use explicit_bzero() to clear key material
OK tb@ tedu@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.2 |
|
03-Apr-2018 |
tb |
Add missing $OpenBSD$ tags.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.1 |
|
06-May-2017 |
beck |
Bring in HKDF, from BoringSSL, with regress tests modified to be in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
|
#
1.10 |
|
07-Jul-2023 |
beck |
Hide symbols in hkdf, evp, err, ecdsa, and ec
(part 2 of commit)
ok jsing@
|
#
1.9 |
|
01-Jun-2023 |
tb |
Avoid a potentially overflowing check
This doesn't actually overflow, but still is poor style.
Speaking of which: this is now the second time I get to fix something reported by Nicky Mouha by way of a blog post. The first time was the actual SHA-3 buffer overflow in Python where it is not entirely clear who screwed up and how. Hopefully next time proper communication will happen and work.
ok jsing
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.8 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.7 |
|
12-Dec-2021 |
tb |
Include evp_locl.h where it will be needed once most structs from evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi
|
#
1.6 |
|
12-Dec-2021 |
tb |
Add a mostly empty hmac_local.h. HMAC_CTX and a few other things from hmac.h will be moved there in an umpcoming bump. Include this file where it will be needed.
ok inoguchi
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.5 |
|
27-Aug-2021 |
tb |
Remove unused #include <assert.h>.
This is from upstream where there is an assert() that EVP_MD_size(digest) matches the length returned by HMAC(). We avoid asserts in our libraries.
From Martin Vahlensieck
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.4 |
|
21-Nov-2019 |
tim |
A touch of style(9)
OK tb@ tedu@
|
#
1.3 |
|
21-Nov-2019 |
tim |
Use explicit_bzero() to clear key material
OK tb@ tedu@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.2 |
|
03-Apr-2018 |
tb |
Add missing $OpenBSD$ tags.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.1 |
|
06-May-2017 |
beck |
Bring in HKDF, from BoringSSL, with regress tests modified to be in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
|
#
1.9 |
|
01-Jun-2023 |
tb |
Avoid a potentially overflowing check
This doesn't actually overflow, but still is poor style.
Speaking of which: this is now the second time I get to fix something reported by Nicky Mouha by way of a blog post. The first time was the actual SHA-3 buffer overflow in Python where it is not entirely clear who screwed up and how. Hopefully next time proper communication will happen and work.
ok jsing
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.8 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.7 |
|
12-Dec-2021 |
tb |
Include evp_locl.h where it will be needed once most structs from evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi
|
#
1.6 |
|
12-Dec-2021 |
tb |
Add a mostly empty hmac_local.h. HMAC_CTX and a few other things from hmac.h will be moved there in an umpcoming bump. Include this file where it will be needed.
ok inoguchi
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.5 |
|
27-Aug-2021 |
tb |
Remove unused #include <assert.h>.
This is from upstream where there is an assert() that EVP_MD_size(digest) matches the length returned by HMAC(). We avoid asserts in our libraries.
From Martin Vahlensieck
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.4 |
|
21-Nov-2019 |
tim |
A touch of style(9)
OK tb@ tedu@
|
#
1.3 |
|
21-Nov-2019 |
tim |
Use explicit_bzero() to clear key material
OK tb@ tedu@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.2 |
|
03-Apr-2018 |
tb |
Add missing $OpenBSD$ tags.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.1 |
|
06-May-2017 |
beck |
Bring in HKDF, from BoringSSL, with regress tests modified to be in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
|
#
1.8 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.7 |
|
12-Dec-2021 |
tb |
Include evp_locl.h where it will be needed once most structs from evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi
|
#
1.6 |
|
12-Dec-2021 |
tb |
Add a mostly empty hmac_local.h. HMAC_CTX and a few other things from hmac.h will be moved there in an umpcoming bump. Include this file where it will be needed.
ok inoguchi
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.5 |
|
27-Aug-2021 |
tb |
Remove unused #include <assert.h>.
This is from upstream where there is an assert() that EVP_MD_size(digest) matches the length returned by HMAC(). We avoid asserts in our libraries.
From Martin Vahlensieck
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.4 |
|
21-Nov-2019 |
tim |
A touch of style(9)
OK tb@ tedu@
|
#
1.3 |
|
21-Nov-2019 |
tim |
Use explicit_bzero() to clear key material
OK tb@ tedu@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.2 |
|
03-Apr-2018 |
tb |
Add missing $OpenBSD$ tags.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.1 |
|
06-May-2017 |
beck |
Bring in HKDF, from BoringSSL, with regress tests modified to be in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
|
#
1.7 |
|
12-Dec-2021 |
tb |
Include evp_locl.h where it will be needed once most structs from evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi
|
#
1.6 |
|
12-Dec-2021 |
tb |
Add a mostly empty hmac_local.h. HMAC_CTX and a few other things from hmac.h will be moved there in an umpcoming bump. Include this file where it will be needed.
ok inoguchi
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.5 |
|
27-Aug-2021 |
tb |
Remove unused #include <assert.h>.
This is from upstream where there is an assert() that EVP_MD_size(digest) matches the length returned by HMAC(). We avoid asserts in our libraries.
From Martin Vahlensieck
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.4 |
|
21-Nov-2019 |
tim |
A touch of style(9)
OK tb@ tedu@
|
#
1.3 |
|
21-Nov-2019 |
tim |
Use explicit_bzero() to clear key material
OK tb@ tedu@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.2 |
|
03-Apr-2018 |
tb |
Add missing $OpenBSD$ tags.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.1 |
|
06-May-2017 |
beck |
Bring in HKDF, from BoringSSL, with regress tests modified to be in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
|
#
1.5 |
|
27-Aug-2021 |
tb |
Remove unused #include <assert.h>.
This is from upstream where there is an assert() that EVP_MD_size(digest) matches the length returned by HMAC(). We avoid asserts in our libraries.
From Martin Vahlensieck
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.4 |
|
21-Nov-2019 |
tim |
A touch of style(9)
OK tb@ tedu@
|
#
1.3 |
|
21-Nov-2019 |
tim |
Use explicit_bzero() to clear key material
OK tb@ tedu@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.2 |
|
03-Apr-2018 |
tb |
Add missing $OpenBSD$ tags.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.1 |
|
06-May-2017 |
beck |
Bring in HKDF, from BoringSSL, with regress tests modified to be in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
|
#
1.4 |
|
21-Nov-2019 |
tim |
A touch of style(9)
OK tb@ tedu@
|
#
1.3 |
|
21-Nov-2019 |
tim |
Use explicit_bzero() to clear key material
OK tb@ tedu@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.2 |
|
03-Apr-2018 |
tb |
Add missing $OpenBSD$ tags.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.1 |
|
06-May-2017 |
beck |
Bring in HKDF, from BoringSSL, with regress tests modified to be in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
|
#
1.2 |
|
03-Apr-2018 |
tb |
Add missing $OpenBSD$ tags.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.1 |
|
06-May-2017 |
beck |
Bring in HKDF, from BoringSSL, with regress tests modified to be in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.1 |
|
06-May-2017 |
beck |
Bring in HKDF, from BoringSSL, with regress tests modified to be in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
|